SecureDoc v6.5 SR1 Release Notes

Please note that WinMagic is deprecating SecureDoc V4 Pre-Boot Authentication (PBA) support for SEDs in favor of the fuller function, more capable, V5 Pre-Boot Linux (PBL). The existing V4 support for SEDs will remain in the product for the time being but will not be maintained or enhanced. We recommend that customers migrate to V5 PBL over the course of the next year.

During the installation of SES, if Full-Text Indexing has not been installed, a message will appear indicating the absence of the Full-Text Indexing. This message will not allow the user to stop the installation of SES which will require retrofitting Full-Text Indexing into an existing SQL Server.

Note: Use of the SES Console will require the user to have at least local admin rights on the server or client device (e.g. Admin desktop) on which it runs, in order for the console to function properly.

Note: WinMagic is deprecating SecureDoc V4 Pre-Boot Authentication (PBA) support for SEDs in favor of the fuller function, more capable, V5 Pre-Boot Linux (PBL). The existing V4 support for SEDs will remain in the product for the time being but will not be maintained or enhanced. We recommend that customers migrate to V5 PBL over the course of the next year.

The SecureDoc for FileVault2 installer now checks for the existence of the FileVault2 Recovery Partition (a native requirement for FileVault2), and if this partition cannot be found on the Mac computer's drive, the SecureDoc installation will be halted and an alert message will be shown. The message articulates the specifics of the problem, and provides recommended steps to remedy the situation before installation of the SecureDoc client software can be re-attempted.

SD-11753

Pre-boot is Unable to Release IP Addresses

In previous versions of SecureDoc, there was an issue with the Pre-boot environment not releasing its IP address as Pre-Boot ended in order to transition to the OS Kernel.

This would cause problems with over-committing the DHCP lease pool in those cases where DHCP servers are not set up to lease IP addresses based on the requesting client's MAC address. In such a scenario, the IP pool would run out of IP addresses since one address would be consumed at Pre-Boot, then a different address consumed when the Operating System would start.

In this version, this issue has been fixed by updating pre-boot, which will now automatically send an IP release command, to notify the DHCP server that the address is available for re-use.

SD-10360

Support for Gemalto 128 PIV Cards

An issue has been found where in previous versions of SES (V6.4 SR1 and V6.5) Gemalto 128 PIV cards were not working properly on some computers.

An issue has been found while deploying SES Version 6.5 on the computers that use Symantec Endpoint Protection for restricting access to USBs. For such devices, SecureDoc is attempting to write to USB (even though no removable media encryption options are enabled) and is requesting write permissions to the disk in order to identify the disk number.

This issue has now been fixed by lowering the disk access permissions.

SD-11529

Unable to Push Commands to Apple Devices

This issue has occurred since Apple stopped supporting SSL3 for push notifications and switched over to TLS.

Now, SES supports TLS to push notifications to Apple devices.

SD-11757

Microsoft Surface Pro 3 UEFI Pre-boot Login Failure

In SES 6.5 version, Microsoft Surface Pro 3 users were unable to run Windows after authenticating at the Pre-boot logon. Upon the second login attempt, PBU displays a Token error. If the users attempts to log in the third time, the device reboots and Windows Operating System (OS) starts. However, when the user logs into Windows, a message showing PBU login failure count is displayed.

This issue has been resolved, and a normal pre-boot to Windows authentication process will occur.

SD-11789

"Aladdin eToken Pro" Protection Method Option is Missing in SES V6.5

An issue has been reported in SES 6.5 version that the “Aladdin eToken Pro” protection method was not showing up in the token type drop-down list in SES Console.

This issue has been fixed by adding this option to the token/protection method drop-down list.

SD-11867

Hibernate Credential Issue: After the Device is Resumed from Hibernation, a Different user is Unable to Single-Sign-On into Windows

An issue has been reported that affects Microsoft Windows 7 and 8.1 OS in Dell Latitude (E7240, E7440, E6430U, E6420), Lenovo X1 Carbon, and Lenovo Yoga 2 Pro machines. When a device hibernates while one user is logged in, and a different user attempts to log in at pre-boot, the second user was not able to single-sign on into Windows; instead the first user automatically signed into Windows with his/her login credentials.

This issue has been corrected.

SD-11936

SESWeb Does Not Display “Users” Option under “Devices” Tab

In a previous version of SES, the SES Web administrators were unable to view the “Users” option under the “Devices” tab in SES Web.

This issue has been fixed in this version.

SD-11944

UEFI Pre-boot Resolution\Custom Background Image is Stretched

The SES functionality that permits an Administrator to define a customized background image at pre-boot had not been working for devices using UEFI under Windows 8.x.

This has been corrected and a means of defining and correctly scaling such an image in the UEFI pre-boot environment has been developed.

When installing SecureDoc FileVault2 on devices that run Mac Yosemite 10.10.x and above, the SecureDoc agent was failing to enable FileVault2 and an error, "SecureDoc for FileVault 2: SecureDoc detects: previously FileVault 2 data protection cycle has not been finished yet. Please restart computer after 100% of conversion has been done. SecureDoc will continue installation automatically" would be displayed.

This issue has now been resolved by improving the Mac Installer functionality that detects and automatically reverts Core Storage logical volume, if possible. In case the Core Storage is not revertible, a message is displayed advising the users to use certain commands for reverting Core Storage logical volume into an HFS volume.

“Folder” and “Folder Advanced” Tabs are Displayed Even Though “Manage Folders” Option is Unchecked in SES Web

An issue has been reported that SES Web Administrators were able to access “Folder” and “Folder Advanced” functionality even though the “Manage Folder” folder option was not selected in the SES Web Console.

This issue has been fixed.

SD-12238

SDConnex Service Stability Issue

An issue relating to high-memory consumption by SDConnex service has been identified.

This issue has been fixed.

SD-12247

Users are Unable to Authenticate at Pre-boot after their Password Update in Server

This issue has been encountered by users who have access to multiple devices having different operating environment (e.g. Windows and Mac) and use pre-boot network to log into Windows / Mac. In a scenario where a user’s password has been updated from the server side, and this user is trying to perform a pre-boot authentication on Mac/Windows devices, an error “0 x 7885” is displayed.

This issue has been fixed.

Please note that WinMagic is deprecating SecureDoc V4 Pre-Boot Authentication (PBA) support for SEDs in favor of the fuller function, more capable, V5 Pre-Boot Linux (PBL). The existing V4 support for SEDs will remain in the product for the time being but will not be maintained or enhanced. We recommend that customers migrate to V5 PBL over the course of the next year.”